[PATCH 60/90] Add support for not loading the kernel with semanage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/I+oAACgkQrlYvE4MpobOijQCg4jKn3ITpT3NcviRxIalCYzq7
BpUAnRN6pb061lbNGr33rt6ikLEddSaW
=+qkr
-----END PGP SIGNATURE-----

>From 87ac9856adfb444b8e686784db6d3c637ac308e1 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 8 May 2012 16:06:25 -0400
Subject: [PATCH 60/90] Add support for not loading the kernel with semanage
 command

---
 policycoreutils/semanage/semanage   |    2 +-
 policycoreutils/semanage/semanage.8 |   27 +++++++++++++++------------
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 628a686..0136d1e 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -95,7 +95,7 @@ Object-specific Options (see above):
         -F, --file       Treat target as an input file for command, change multiple settings
 	-p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
 	-M, --mask       Netmask
-	-N, --noreload   Do not reload policy into the kernel
+	-N, --noreload   Do not reload policy after commit
 	-e, --equal      Substitue source path for dest path when labeling
 	-P, --prefix     Prefix for home directory labeling
 	-L, --level      Default SELinux Level (MLS/MCS Systems only)
diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
index 9e086d1..63b11dd 100644
--- a/policycoreutils/semanage/semanage.8
+++ b/policycoreutils/semanage/semanage.8
@@ -14,58 +14,58 @@ Input local customizations
 Manage booleans.  Booleans allow the administrator to modify the confinement of
 processes based on his configuration.
 .br
-.B semanage boolean [\-S store] \-{d|m|l|D} [\-n] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
+.B semanage boolean [\-S store] \-{d|m|l|D} [\-nN] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
 
 Manage SELinux confined users (Roles and levels for an SELinux user)
 .br
-.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnPrR] selinux_name
+.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnNPrR] selinux_name
 
 Manage login mappings between linux users and SELinux confined users.
 .br
-.B semanage login [\-S store] \-{a|d|m|l|D} [\-nrs] login_name | %groupname
+.B semanage login [\-S store] \-{a|d|m|l|D} [\-nNrs] login_name | %groupname
 
 Manage policy modules.
 .br
-.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name
+.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] [\-N] module_name
 
 Manage network port type definitions
 .br
-.B semanage port [\-S store] \-{a|d|m|l|D} [\-nrt] [\-p proto] port | port_range
+.B semanage port [\-S store] \-{a|d|m|l|D} [\-nNrt] [\-p proto] port | port_range
 .br
 
 Manage network interface type definitions
 .br
-.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nrt] interface_spec
+.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nNrt] interface_spec
 
 Manage network node type definitions
 .br
-.B semanage node [\-S store] -{a|d|m|l|D} [-nrt] [ -p protocol ] [-M netmask] address
+.B semanage node [\-S store] -{a|d|m|l|D} [-nNrt] [ -p protocol ] [-M netmask] address
 .br
 
 Manage file context mapping definitions
 .br
 .B semanage fcontext [\-S store] \-{l} [\-Cn]
 .br
-.B semanage fcontext [\-S store] \-D
+.B semanage fcontext [\-S store] \-D [\-N]
 .br
-.B semanage fcontext [\-S store] \-{a|d|m} [\-frst] file_spec
+.B semanage fcontext [\-S store] \-{a|d|m} [\-Nfrst] file_spec
 .br
 .B semanage fcontext [\-S store] \-{a|d|m} \-e replacement target
 .br
 
 Manage processes type enforcement mode
 .br
-.B semanage permissive [\-S store] \-{a|d|l|D} [\-n] type
+.B semanage permissive [\-S store] \-{a|d|l|D} [\-nN] type
 .br
 
 Disable/Enable dontaudit rules in policy
 .br
-.B semanage dontaudit [\-S store] [ on | off ]
+.B semanage dontaudit [\-N] [\-S store] [ on | off ]
 .P
 
 Execute multiple commands within a single transaction.
 .br
-.B semanage [\-S store] \-i command-file
+.B semanage [\-S store] [\-N] \-i command-file
 .br
 
 .SH "DESCRIPTION"
@@ -143,6 +143,9 @@ Network Mask
 .I                \-n, \-\-noheading  
 Do not print heading when listing OBJECTS.
 .TP
+.B  \-N,\-\-noreload
+do not reload policy after commit
+.TP
 .I                \-p, \-\-proto
 Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).
 .TP
-- 
1.7.10.2
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux